Nancy Cooke collaborates on MURI award to defend against cyberattacks
Above: Professor Nancy Cooke works with a student in the Cyber Defense EXercises for Team Awareness Research simulator, known as DEXTAR, on ASU’s Polytechnic campus. Photographer: Jessica Hochreiter/ASU
In “The Art of War,” famed Chinese general Sun Tzu advised, “if you know the enemy and know yourself, you need not fear the result of a hundred battles.”
Along with five other universities, researchers from Arizona State University are bringing this age-old concept to digital battlefields to combat advanced persistent cyber threats and other forms of cyber malfeasance.
Titled “Realizing Cyber Inception: Towards a Science of Personalized Deception for Cyber Defense” the project brings together experts in computer science, cybersecurity, game theory and cognition to conduct research on defending against cyberattacks by profiling the attackers. The work is supported by a $6.2 million Multidisciplinary University Research Initiative award, granted to the six partnering universities by the Army Research Office last month.
That data will go to researchers at Carnegie Mellon University, who in turn create cognitive models of decision-making by attackers. Paired with a mathematical framework for modeling defenders and attackers in a cyber security environment, the cognitive models are used to develop examples of multi-layered environments that can monitor attacks.
“What we’re doing is developing a personalized form of deception,” says Cooke. “We try to understand the attacker. Instead of a using a generalized honeypot, we specialize the offense against them, creating an environment in which they don’t know what’s real and what’s not.”
The types of attacks Cooke and her fellow researchers look to guard against have seen an uptick in recent years. For instance, in January 2017, an assessment by the Office of the Director of National Intelligence concluded with high confidence that the Russian government interfered in the 2016 U.S. presidential election through hacking.
“These kind of attacks are dangerous because they start out personal, but become persistent and pervasive,” says Cooke, citing the 2014 cyber attacks against JPMorgan Chase and Sony Pictures, both of which resulted in extended data and communication breaches.
“A lot can happen once they’re in the system, opening doors to espionage and threats to national security,” says Cooke.
The University of Southern California leads the project, with Milind Tambe, a professor of computer science, at the helm. Carnegie Mellon, the University of North Carolina, Chapel Hill, North Carolina State University and the University of Texas, El Paso round out the partner institutions in addition to ASU.
“When the call went out for this, as it often happens, people at different universities started calling around to see if one another were interested,” says Cooke. “We thought our different skillsets would make for a good team, and evidently so did the ARO.”
This marks the third MURI award Cooke has been a part of, the previous two awarded by the Office of Naval Research and the Army Research Office. One examined macro-cognition in a Naval setting and how to improve teamwork during operations, while the other studied situational awareness in cyber security.